Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems.
Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed to patch the same Pulse Secure VPN server vulnerability through which Travelex was infected, even though a fix was issued in April 2019. Citing research from Bad Packets Report, the Wall Street Journal today named several of these potentially affected companies, including Purdue Pharma, Revlon and Texas Instruments.
Other companies included a California utility, a border-police force and an appellate court, said Troy Mursch, Bad Packets’ chief research officer, per the WSJ report.
“We have continued to make good progress with our technology recovery. Having already restored some of our internal and order processing systems, we have started to restore customer-facing systems, beginning with the in-store systems that process customer orders electronically. The first of these are now successfully live in the UK,” Travelex said in an online customer information hub it has set up. “We have decided to take a phased approach to ensure the integrity and security of our systems and therefore certain limitations will be in place as we move towards restoring full functionality across the entire Travelex estate.”
Since Dec. 31, affected Travelex locations have been processing transactions manually while digital and online services were taken offline to prevent further spread of the ransomware. “We have started restoring forex order processing electronically in our UK stores and in some of our UK retail partner locations, and we are also now starting our VAT refund service in UK airports. We are also making good progress on restoring our proprietary UK International Money Transfer Service, which will be available by the end of the month,” the company said.
“Our focus is to ensure the integrity and robustness of the network and therefore Travelex is bringing systems up in a controlled and secure manner,” said Tony D’Souza, CEO of Travelex, in a video on the customer hub site. “While making these fixes, the company is also enhancing and upgrading its systems in line with our longer-term technology strategy,” he said at another point in the video.
On Jan. 10, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that unsecured Pulse Secure VPN servers “continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack.”
“Although Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510,” the alert continues. “CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes.”